{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T18:08:04.963","vulnerabilities":[{"cve":{"id":"CVE-2024-42142","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-07-30T08:15:05.993","lastModified":"2025-11-03T22:17:42.253","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: E-switch, Create ingress ACL when needed\n\nCurrently, ingress acl is used for three features. It is created only\nwhen vport metadata match and prio tag are enabled. But active-backup\nlag mode also uses it. It is independent of vport metadata match and\nprio tag. And vport metadata match can be disabled using the\nfollowing devlink command:\n\n # devlink dev param set pci/0000:08:00.0 name esw_port_metadata \\\n\tvalue false cmode runtime\n\nIf ingress acl is not created, will hit panic when creating drop rule\nfor active-backup lag mode. If always create it, there will be about\n5% performance degradation.\n\nFix it by creating ingress acl when needed. If esw_port_metadata is\ntrue, ingress acl exists, then create drop rule using existing\ningress acl. If esw_port_metadata is false, create ingress acl and\nthen create drop rule."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5: E-switch, crea ACL de entrada cuando sea necesario Actualmente, la acl de entrada se utiliza para tres funciones. Se crea solo cuando la coincidencia de metadatos de vport y la etiqueta prio están habilitadas. Pero el modo de retraso de respaldo activo también lo usa. Es independiente de la coincidencia de metadatos de vport y de la etiqueta prio. Y la coincidencia de metadatos de vport se puede desactivar usando el siguiente comando devlink: # devlink dev param set pci/0000:08:00.0 name esw_port_metadata \\ value false cmode runtime Si no se crea la acl de entrada, entrará en pánico al crear una regla de eliminación para la copia de seguridad activa modo de retraso. Si lo crea siempre, habrá una degradación del rendimiento de aproximadamente un 5 %. Solucionarlo creando una acl de entrada cuando sea necesario. Si esw_port_metadata es verdadero, la acl de entrada existe, luego cree una regla de eliminación utilizando la acl de entrada existente. Si esw_port_metadata es falso, cree una acl de entrada y luego cree una regla de eliminación."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.18","versionEndExcluding":"6.1.98","matchCriteriaId":"B3456516-7A6B-40C7-891C-0802FF927B9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.39","matchCriteriaId":"29E894E4-668F-4DB0-81F7-4FB5F698E970"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.9.9","matchCriteriaId":"ADCC1407-0CB3-4C8F-B4C5-07F682CD7085"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*","matchCriteriaId":"2EBB4392-5FA6-4DA9-9772-8F9C750109FA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*","matchCriteriaId":"331C2F14-12C7-45D5-893D-8C52EE38EA10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*","matchCriteriaId":"3173713D-909A-4DD3-9DD4-1E171EB057EE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*","matchCriteriaId":"79F18AFA-40F7-43F0-BA30-7BDB65F918B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:*","matchCriteriaId":"BD973AA4-A789-49BD-8D57-B2846935D3C7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.10:rc6:*:*:*:*:*:*","matchCriteriaId":"8F3E9E0C-AC3E-4967-AF80-6483E8AB0078"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3e3551f8702978cd2221d2614ca6d6727e785324","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/83bc1a129f7fd0d7d05036ceb7ee69102624e320","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b20c2fb45470d0c7a603613c9cfa5d45720e17f2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bc3ff8d3c05044de57865ebbb78cca8f7da3e595","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3e3551f8702978cd2221d2614ca6d6727e785324","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/83bc1a129f7fd0d7d05036ceb7ee69102624e320","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b20c2fb45470d0c7a603613c9cfa5d45720e17f2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bc3ff8d3c05044de57865ebbb78cca8f7da3e595","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}